CLAIMS

1. A method of enabling a proxy to participate in a secure communication between a client and a server, comprising the step of:

establishing a first secure session between the client and the proxy;

upon verifying the first secure session, establishing a second secure session between the client and the proxy, the second secure session requesting the proxy to act as a conduit to the server;

having the client and the server negotiate a session master secret; and

delivering the session master secret to the proxy using the first secure session to enable the proxy to participate in the secure communication.

2. The method as described in Claim 1 further including the step of having the proxy use the session master secret and a session identifier to generate given cryptographic information.



3. The method as described in Claim 2 further including the step of having the proxy enter an active operating state following receipt of the session master secret and generation of the given cryptographic information.

4. The method as described in Claim 3 wherein the proxy performs a given service on behalf of the client in the active operating state.



5. The method as described in Claim 4 wherein the given service is selected from a set of services including transcoding, caching, encryption, decryption, monitoring, filtering and pre-fetching.

6. The method as described in Claim 1 wherein the first and second secure sessions conform to a network security protocol.



7. The method as described in Claim 6 wherein the network security protocol is SSL.



8. The method as described in Claim 6 wherein the network security protocol is TLS.

9. The method as described in Claim 1 wherein the server is a Web server and the client is a pervasive computing client.

10. A method of enabling a proxy to participate in a secure communication between a client and a server, comprising the step of:

having the client request a first secure connection to the proxy;

upon authenticating validity of a certificate received from the proxy, having the client request a second secure connection to proxy, the second secure connection requesting the proxy to act as a conduit to the server;

having the proxy generate a session identifier;

having the client and the server negotiate a session master secret through the conduit;

upon completion of the negotiation, having the client deliver the session master secret to the proxy using the first secure connection;

having the proxy use the session master secret and the session identifier to generate given cryptographic information that is useful for participating in the secure communication.



11. The method as described in Claim 10 further including the step of having the proxy enter an active operating state following receipt of the session master secret and generation of the given cryptographic information.

12. The method as described in Claim 11 wherein the proxy performs a given service on behalf of the client in the active operating state.



13. The method as described in Claim 12 wherein the given service is selected from a set of services including transcoding, caching, encryption, decryption, monitoring, filtering and pre-fetching.



14. The method as described in Claim 10 wherein the first and second secure sessions conform to a network security protocol.



15. The method as described in Claim 14 wherein the network security protocol is SSL.

16. The method as described in Claim 14 wherein the network security protocol is TLS.

17. A method for establishing the security of a session between a client and a server, comprising the steps of:

through a proxy, conducting a security handshake procedure between the client and the server to produce a session key; and

transmitting the session key to the proxy so that the proxy can participate in communications between the client and the server during the session.



18. The method as described in Claim 17 wherein the session key is transmitted from the client to the proxy over a secure connection.



19. The method as described in Claim 18 wherein the secure connection between the client and the proxy is created before the security handshake procedure and is maintained throughout the session.

20. A cryptographic system, comprising:

a client;

a server;

a proxy;

a network protocol service for enabling the client and server to communicate over a secure connection;

a computer program (i) for controlling the client to request a first secure connection to the proxy, (ii) responsive to authenticating validity of a certificate from the proxy, for controlling the client to request a second secure connection to proxy, the second secure connection requesting the proxy to act as a conduit to the server, (iii) for controlling the client to negotiate with the server through the conduit to obtain a session master; and (iv) upon successful completion of the negotiation, for controlling the client to deliver the session master secret to the proxy using the first secure connection; and

a computer program (i) for controlling the proxy to use the session master secret and a session identifier to generate given cryptographic information, and (ii) for switching the proxy into an active operating state during which it can participate in communications between the client and the server.

22. The cryptographic system as described in Claim 21 wherein the proxy includes means for providing transcoding services on behalf of the client.

23. The cryptographic system as described in Claim 
21 wherein the proxy includes means for providing 
encryption/decryption services on behalf of the client. 

The cryptographic system as described in Claim 21 wherein the proxy includes means for providing caching services on behalf of the client.

The cryptographic system as described in Claim 21 wherein the proxy includes means for providing monitoring services on behalf of the client.

A computer program product in a computer readable medium for use in a cryptographic system including a client, a server, and a proxy, comprising:

a first routine (i) for controlling the client to request a first secure connection to the proxy, (ii) responsive to authenticating validity of a certificate from the proxy, for controlling the client to request a second secure connection to proxy, the second secure connection requesting the proxy to act as a conduit to the server, (iii) for controlling the client to negotiate with the server through the conduit to obtain a session master; and (iv) upon successful completion of the negotiation, for controlling the client to deliver the session master secret to the proxy using the first secure connection; and

a second routine (i) for controlling the proxy to use the session master secret and a session identifier to generate given cryptographic information, and (ii) for switching the proxy into an active operating state during which it can participate in communications between the client and the server.
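
Added example, not part of the patent text: a Python sketch of the proxy behaviour recited in Claims 10 and 11, where the proxy is an opaque conduit until the client delivers the session master secret and can then verify records. The claims do not specify the derivation function or record format; the HMAC-SHA256 expansion (in the style of the TLS 1.2 P_hash), the integrity-only record layout, and the names Proxy, derive_keys, seal and inspect are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def p_sha256(secret, seed, length):
    # HMAC-SHA256 expansion in the style of the TLS 1.2 P_hash (RFC 5246, section 5).
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_keys(master_secret, session_id):
    # Assumed derivation; the claims name only the two inputs, not the function.
    block = p_sha256(master_secret, b"key expansion" + session_id, 64)
    return {"client": block[:32], "server": block[32:]}

def seal(mac_key, seq, payload):
    # Integrity-only record: payload followed by HMAC(sequence number + payload).
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return payload + tag

class Proxy:
    # Hypothetical proxy: an opaque conduit until the master secret is delivered.
    def __init__(self):
        self.session_id = os.urandom(16)  # proxy generates the session identifier
        self.state, self.keys = "passive", None

    def receive_master_secret(self, master_secret):
        # Arrives over the first secure session, which is not modelled here.
        self.keys = derive_keys(master_secret, self.session_id)
        self.state = "active"

    def inspect(self, sender, seq, record):
        # Verified payload, or None while passive or when the tag does not match.
        if self.state != "active" or len(record) < 32:
            return None
        payload, tag = record[:-32], record[-32:]
        good = seal(self.keys[sender], seq, payload)[-32:]
        return payload if hmac.compare_digest(tag, good) else None

def demo():
    proxy = Proxy()
    master = os.urandom(48)  # stands in for the client/server negotiation
    keys = derive_keys(master, proxy.session_id)  # client side, same inputs
    record = seal(keys["client"], 0, b"GET /index.html")  # constructed sample
    before = proxy.inspect("client", 0, record)  # proxy still passive
    proxy.receive_master_secret(master)
    tampered = proxy.inspect("client", 0, b"X" + record[1:])
    return before, proxy.state, proxy.inspect("client", 0, record), tampered
```

Anyone holding the delivered master secret can read and forge session records in both directions, so the first secure session that carries it needs at least the protection of the client-server session itself.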